chore: nixfmt *

steveej 2022-10-31 11:04:38 +01:00
parent dc761a5271
commit d039179898
161 changed files with 2688 additions and 3024 deletions


@ -1,20 +1,15 @@
{ hostAddress
, localAddress
, containerBackupCfg
, sshPort ? containerBackupCfg.portInt
}: {
{ hostAddress, localAddress, containerBackupCfg
, sshPort ? containerBackupCfg.portInt }: {
config = { config, pkgs, lib, ... }: {
system.stateVersion = "21.11"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = containerBackupCfg.addr;
enable = true;
domain = containerBackupCfg.addr;
};
services.openssh.enable = true;
@ -35,16 +30,23 @@
security.sudo = {
enable = true;
extraRules = [
{
users = [ "bkp" ];
commands = [
{ command = "/etc/profiles/per-user/bkp/bin/btrfs"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
{ command = "/run/current-system/sw/bin/test"; options = [ "NOPASSWD" ]; }
];
}
];
extraRules = [{
users = [ "bkp" ];
commands = [
{
command = "/etc/profiles/per-user/bkp/bin/btrfs";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/readlink";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/test";
options = [ "NOPASSWD" ];
}
];
}];
};
};
@ -58,14 +60,12 @@
};
privateNetwork = true;
forwardPorts = [
{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}
];
forwardPorts = [{
# ssh
containerPort = 22;
hostPort = sshPort;
protocol = "tcp";
}];
inherit hostAddress localAddress;
}
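Review bot: The `security.sudo.extraRules` entry for `bkp` grants `btrfs`, `readlink` and `test` with `NOPASSWD` and no argument restriction, and nothing in the file records why. This looks like the command set btrbk needs when it runs through sudo (inferred; the btrbk side is not in this section), so a comment such as `# passwordless sudo for btrbk; bkp may run any btrfs subcommand as root` above `users = [ "bkp" ];` would make it explicit that this account's SSH key carries root-level access to the volumes. That matters more here because the same file sets `networking.firewall.enable = false` and forwards the container's sshd to `sshPort` on the host.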


@ -1,9 +1,4 @@
{ config
, hostAddress
, localAddress
, subvolumes
, targetPathSuffix ? ""
}:
{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" }:
let
passwords = import ../../variables/passwords.crypt.nix;
@ -13,14 +8,9 @@ in {
config = { pkgs, ... }: {
system.stateVersion = "20.03"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
environment.systemPackages = with pkgs; [
btrfs-progs
btrbk
];
environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];
networking.firewall.enable = true;
@ -28,17 +18,11 @@ in {
enable = true;
description = "bkp-sync service";
serviceConfig = {
Type = "oneshot";
};
serviceConfig = { Type = "oneshot"; };
after = [
"bkp-run.service"
];
after = [ "bkp-run.service" ];
requires = [
"bkp-run.service"
];
requires = [ "bkp-run.service" ];
path = with pkgs; [ utillinux ];
script = ''
@ -51,17 +35,13 @@ in {
enable = true;
description = "bkp-run";
serviceConfig = {
Type = "oneshot";
};
serviceConfig = { Type = "oneshot"; };
partOf = [
"bkp-sync.service"
];
partOf = [ "bkp-sync.service" ];
path = with pkgs; [ btrfs-progs btrbk coreutils ];
script = let
script = let
btrbkConf = pkgs.writeText "cfg" ''
timestamp_format long
ssh_identity ${passwords.storage.backupTarget.keyPath}
@ -78,7 +58,8 @@ in {
volume ${subvolumeParentDir}
target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") "" subvolumes}
${builtins.foldl' (sum: elem: sum + " subvolume " + elem + "\n") ""
subvolumes}
'';
in ''
#! ${pkgs.bash}/bin/bash
@ -95,10 +76,10 @@ in {
timerConfig = {
# Obtained using `systemd-analyze calendar "Wed 23:00"`
# OnCalendar = "Wed *-*-* 23:00:00";
OnStartupSec="1m";
OnStartupSec = "1m";
Unit = "bkp-sync.service";
OnUnitInactiveSec="2h";
Persistent="true";
OnUnitInactiveSec = "2h";
Persistent = "true";
};
};
};
@ -122,13 +103,13 @@ in {
};
};
allowedDevices = [
{ node = "/dev/fuse"; modifier = "rw"; }
];
allowedDevices = [{
node = "/dev/fuse";
modifier = "rw";
}];
privateNetwork = true;
forwardPorts = [
];
forwardPorts = [ ];
inherit hostAddress localAddress;
}


@ -1,28 +1,20 @@
{ hostAddress
, localAddress
, imapsPort ? 993
, sievePort ? 4190
}:
{ hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190 }:
let
passwords = import ../../variables/passwords.crypt.nix;
let passwords = import ../../variables/passwords.crypt.nix;
in
{
in {
config = { pkgs, ... }: {
system.stateVersion = "21.11"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
../profiles/common/user.nix
];
imports =
[ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = "mailserver.svc.stefanjunker.de";
enable = true;
domain = "mailserver.svc.stefanjunker.de";
};
services.dovecot2 = {
@ -43,7 +35,7 @@ in
extraConfig = ''
auth_mechanisms = cram-md5 digest-md5
auth_verbose = yes
passdb {
driver = passwd-file
args = scheme=CRYPT username_format=%u /etc/dovecot/users
@ -75,26 +67,26 @@ in
description = "Getmail service";
path = [ pkgs.getmail6 ];
script = let
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = ssl0.ovh.net
port = 993
username = mail@stefanjunker.de
password = ${passwords.email.mailStefanjunkerDe}
mailboxes = ('INBOX',)
[retriever]
type = SimpleIMAPSSLRetriever
server = ssl0.ovh.net
port = 993
username = mail@stefanjunker.de
password = ${passwords.email.mailStefanjunkerDe}
mailboxes = ('INBOX',)
[destination]
type = MDA_external
path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
'';
in ''
getmail --rcfile=${rc} --idle=INBOX
[destination]
type = MDA_external
path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
'';
in ''
getmail --rcfile=${rc} --idle=INBOX
'';
};
@ -108,45 +100,45 @@ in
serviceConfig.RestartSec = 1000;
serviceConfig.Restart = "always";
script = let
rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
[options]
verbose = 1
read_all = 0
delete_after = 30
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.web.de
port = 993
username = schtif
password = ${passwords.email.schtifATwebDe}
mailboxes = ('INBOX',)
[retriever]
type = SimpleIMAPSSLRetriever
server = imap.web.de
port = 993
username = schtif
password = ${passwords.email.schtifATwebDe}
mailboxes = ('INBOX',)
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc}
[destination]
type = Maildir
path = ~/.maildir/
'';
in ''
getmail --rcfile=${rc}
'';
};
};
};
autoStart = true;
bindMounts = {
"/etc/secrets/" = {
"/etc/secrets/" = {
hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
isReadOnly = false;
};
"/home" = {
"/home" = {
hostPath = "/var/lib/container-volumes/mailserver/home";
isReadOnly = false;
};
};
privateNetwork = true ;
privateNetwork = true;
forwardPorts = [
{
# imaps
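Review bot: Both getmail rc files are built with `pkgs.writeText` and interpolate `${passwords.email.mailStefanjunkerDe}` and `${passwords.email.schtifATwebDe}`, so the IMAP passwords are written into a store path, and the Nix store is readable by every local user and travels with the closure wherever it is copied. Keeping `passwords.crypt.nix` encrypted in the repository does not protect the evaluated output. Consider leaving only the non-secret settings in the store and reading the password at run time from a root-owned file under the existing `/etc/secrets/` bind mount, for example through getmail's `password_command` option. The reformat itself only re-indents these blocks.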


@ -1,17 +1,12 @@
{ hostAddress
, localAddress
, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027
}:
{ hostAddress, localAddress, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027 }:
{
config = { config, pkgs, ... }: {
system.stateVersion = "20.05"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [


@ -1,25 +1,17 @@
{ hostAddress
, localAddress
, httpPort ? 80
, httpsPort ? 443
}:
{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:
let
passwords = import ../../variables/passwords.crypt.nix;
in
{
let passwords = import ../../variables/passwords.crypt.nix;
in {
config = { config, pkgs, lib, ... }: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [
../profiles/containers/configuration.nix
];
imports = [ ../profiles/containers/configuration.nix ];
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = "www.stefanjunker.de";
enable = true;
domain = "www.stefanjunker.de";
};
security.acme = {
@ -58,20 +50,16 @@ in
# sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
# sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
locations."/fi" = {
index = "index.php";
};
locations."/fi" = { index = "index.php"; };
locations."~ ^(.+\.php)(.*)$".extraConfig = ''
locations."~ ^(.+.php)(.*)$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
fastcgi_index index.php;
'';
locations."/hedgedoc/" = {
proxyPass = "http://127.0.0.1:3000/";
};
locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://127.0.0.1:3000/socket.io/";
@ -92,15 +80,14 @@ in
"pm.max_spare_servers" = 3;
"pm.max_requests" = 500;
"php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
"php_admin_value[error_reporting]" =
"E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
};
};
# the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
systemd.services."phpfpm-mypool" = {
serviceConfig = {
Type = lib.mkForce "simple";
};
serviceConfig = { Type = lib.mkForce "simple"; };
};
services.mysql = {
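Review bot: The location key `"~ ^(.+.php)(.*)$"` makes visible what Nix was already producing: in a double-quoted Nix string `\.` is not a recognised escape and evaluates to a plain `.`, so nginx received an unescaped dot both before and after this reformat and the location matches any character in front of `php`. That routes more request paths to the FastCGI handler than the `fastcgi_split_path_info ^(.+\.php)(.*)$;` line suggests was intended; that line sits in a `''` string, where the backslash survives. Writing the key as `locations."~ ^(.+\\.php)(.*)$".extraConfig` passes the literal dot through to nginx.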


@ -1,6 +1,4 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiSupport = lib.mkForce false;


@ -1,8 +1,7 @@
{ ... }:
{
disabledModules = [
];
disabledModules = [ ];
imports = [
../../profiles/common/configuration.nix


@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"virtio_balloon"
"virtio_scsi"
"virtio_net"
@ -18,8 +18,7 @@ let
"ata_generic"
];
in
{
in {
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
fsType = "ext4";
@ -39,14 +38,12 @@ in
neededForBoot = true;
};
swapDevices = [ { device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; } ];
swapDevices =
[{ device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; }];
boot.loader.grub = {
device = "/dev/vda";
};
boot.loader.grub = { device = "/dev/vda"; };
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}


@ -1,30 +1,29 @@
{ config
, pkgs
, lib
, ...
}:
{ config, pkgs, lib, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
extraPackages = [
# required by vscode's remote-ssh plugin
pkgs.nodejs
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
# allow clipboard exchanges
pkgs.xsel
pkgs.xclip
];
};
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
}


@ -1,15 +1,9 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
nix.binaryCaches = [
"https://cache.holo.host"
];
nix.binaryCaches = [ "https://cache.holo.host" ];
nix.binaryCachePublicKeys = [
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -32,11 +26,11 @@ in {
networking.interfaces.eth0 = {
mtu = 1400;
useDHCP = false;
ipv4.addresses = [
{ "address" = "167.233.1.14"; "prefixLength" = 29; }
];
ipv6.addresses = [
];
ipv4.addresses = [{
"address" = "167.233.1.14";
"prefixLength" = 29;
}];
ipv6.addresses = [ ];
};
networking.defaultGateway = {
@ -49,9 +43,7 @@ in {
interface = "eth0";
};
networking.nameservers = [
"1.1.1.1"
];
networking.nameservers = [ "1.1.1.1" ];
networking.nat = {
enable = true;
@ -63,9 +55,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
docker.enable = true;
};
virtualisation = { docker.enable = true; };
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -79,25 +69,21 @@ in {
'';
};
systemd.services.sshd.serviceConfig = {
TasksMax = 32;
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
timerConfig = {
OnActiveSec="360s";
OnUnitActiveSec="360s";
AccuracySec="1s";
OnActiveSec = "360s";
OnUnitActiveSec = "360s";
AccuracySec = "1s";
Unit = "sshd-status.service";
};
};
nix.gc = {
automatic = true;
};
nix.gc = { automatic = true; };
networking.useHostResolvConf = true;


@ -4,9 +4,8 @@ let
ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7";
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = {


@ -2,46 +2,61 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-20.09" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-20.03" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.03";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-19.09" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-19.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}
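Review bot: The `rev` entries are no longer single-line: the formatter turned the `\n` inside `tr -d '\n'` into a real line break, so every `<% … -%>` tag in this file now spans two lines and the `tr` argument is a literal newline plus whatever indentation the formatter emitted. These look like templates rendered before Nix evaluates them, and whether that renderer accepts a multi-line tag is not visible here, so it is worth rendering one file once or excluding the templates from nixfmt and keeping the form `rev = "<% git ls-remote … | tr -d '\n' -%>";`. The same rewrite appears in the other version-template sections of this commit. Separately, the `channels-nixos-21.05` entry declares `ref = "nixos-21.05"` but resolves its revision from `nixos-20.05`, so the pinned commit would come from a different branch than the one named.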


@ -1,45 +1,35 @@
{ dir
, pkgs ? import <channels-nixos-stable> {}
, ownLib ? import ../lib/default.nix { }
, gitRoot ? "$(git rev-parse --show-toplevel)"
{ dir, pkgs ? import <channels-nixos-stable> { }
, ownLib ? import ../lib/default.nix { }, gitRoot ?
"$(git rev-parse --show-toplevel)"
# FIXME: why do these need explicit mentioning?
, moreargs ? ""
, rebuildarg ? ""
, ...
} @ args :
# FIXME: why do these need explicit mentioning?
, moreargs ? "", rebuildarg ? "", ... }@args:
let
rebuildargsSudo = [ "switch" "boot" ];
rebuild = {
gitRoot
, rebuildarg ? "dry-activate"
, moreargs ? ""
rebuild = { gitRoot, rebuildarg ? "dry-activate", moreargs ? ""
, ...
}: pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
, ... }:
pkgs.writeScript "script" ''
#!/usr/bin/env bash
set -xe
pushd ${gitRoot}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
pushd ${gitRoot}/${dir}
export NIXOS_CONFIG="$PWD"/configuration.nix
[[ -e "''${NIXOS_CONFIG}" ]]
[[ -e "''${NIXOS_CONFIG}" ]]
if test -L result; then
rm result
fi
if test -L result; then
rm result
fi
${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null
then
${if (builtins.elem rebuildarg rebuildargsSudo)
&& (builtins.match ".*--target-host.*" moreargs) == null then
"sudo -E \\"
else
""
}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
'';
""}
nixos-rebuild --show-trace -I nixos-config=''${NIXOS_CONFIG} ${rebuildarg} ${moreargs}
'';
in {
recipes = {
@ -48,9 +38,8 @@ in {
inherit moreargs;
inherit rebuildarg;
}
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }))
;
# // pkgs.lib.attrsets.optionalAttrs (moreargs != "") { inherit moreargs; }
# // pkgs.lib.attrsets.optionalAttrs (rebuildarg != "") { inherit rebuildarg; }
;
} // (import ./disk.nix (args // { inherit pkgs ownLib gitRoot; }));
}


@ -1,16 +1,12 @@
{ pkgs
, ownLib
, dir
, gitRoot
, diskId ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.diskId
, encrypted ? (import ((builtins.getEnv "PWD")+"/${dir}/hw.nix") {}).hardware.opinionatedDisk.encrypted
, previousDiskId ? ""
{ pkgs, ownLib, dir, gitRoot, diskId ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.diskId, encrypted ?
(import ((builtins.getEnv "PWD") + "/${dir}/hw.nix")
{ }).hardware.opinionatedDisk.encrypted, previousDiskId ? ""
, ...
}:
, ... }:
let
mntRootVol="/mnt/${diskId}-root";
let mntRootVol = "/mnt/${diskId}-root";
in rec {
diskMount = pkgs.writeScript "script" ''
@ -18,14 +14,18 @@ in rec {
set -xe
echo Mounting ${diskId}
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''}
sleep 1
sudo vgchange -ay ${ownLib.disk.volumeGroup diskId}
sudo mkdir -p /mnt
sudo mkdir ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}
sudo mount ${ownLib.disk.rootFsDevice diskId} ${mntRootVol}/nixos/home -o subvol=home
sudo mount ${
ownLib.disk.rootFsDevice diskId
} ${mntRootVol}/nixos/home -o subvol=home
sudo mount ${ownLib.disk.bootFsDevice diskId} ${mntRootVol}/nixos/boot
'';
@ -62,7 +62,9 @@ in rec {
#!/usr/bin/env bash
set -xe
read -p "Continue to format ${ownLib.disk.bootGrubDevice diskId} (YES/n)? " choice
read -p "Continue to format ${
ownLib.disk.bootGrubDevice diskId
} (YES/n)? " choice
case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;;
@ -76,16 +78,16 @@ in rec {
g
n
1
+1M
n
2
+512M
n
3
t
1
4
@ -109,11 +111,15 @@ in rec {
${pkgs.lib.strings.optionalString encrypted ''
# Encrypt
sudo cryptsetup luksFormat ${ownLib.disk.bootLuksDevice diskId} -
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''}
# LVM
sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${ownLib.disk.lvmPv diskId encrypted}
sudo vgcreate ${ownLib.disk.volumeGroup diskId} ${
ownLib.disk.lvmPv diskId encrypted
}
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -L 2G -n swap
sudo lvcreate ${ownLib.disk.volumeGroup diskId} -l 100%FREE -n root
@ -137,7 +143,9 @@ in rec {
#!/usr/bin/env bash
set -xe
read -p "Continue to relabel ${ownLib.disk.bootGrubDevice diskId} (YES/n)?" choice
read -p "Continue to relabel ${
ownLib.disk.bootGrubDevice diskId
} (YES/n)?" choice
case "$choice" in
YES ) echo "Continuing in 3 seconds..."; sleep 3;;
n|N ) echo "Exiting..."; exit 0;;
@ -168,9 +176,13 @@ in rec {
if test "${previousDiskId}"; then
${pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${ownLib.disk.luksName diskId}
''}
${
pkgs.lib.strings.optionalString encrypted ''
sudo cryptsetup luksOpen ${ownLib.disk.bootLuksDevice diskId} ${
ownLib.disk.luksName diskId
}
''
}
sync
sleep 1
if sudo vgs ${previousDiskId}; then


@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}


@ -9,6 +9,5 @@
};
# boot.initrd.availableKernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}


@ -1,45 +1,41 @@
{ pkgs
, lib
, ...
}:
{ pkgs, lib, ... }:
let
homeEnv = keyboard:
{
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix { inherit pkgs; })
];
homeEnv = keyboard: {
imports = [
(import ../../../home-manager/configuration/graphical-gnome3.nix {
inherit pkgs;
})
];
home.keyboard = keyboard;
home.keyboard = keyboard;
home.packages = with pkgs; [
rhythmbox
lollypop
dia
kotatogram-desktop
jitsi
];
};
in
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
home.packages = with pkgs; [
rhythmbox
lollypop
dia
kotatogram-desktop
jitsi
];
};
services.gnome =
builtins.mapAttrs
(attr: value: lib.mkForce value)
{
games.enable = true;
gnome-remote-desktop.enable = true;
gnome-user-share.enable = true;
rygel.enable = true;
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
}
;
in {
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
services.gnome = builtins.mapAttrs (attr: value: lib.mkForce value) {
games.enable = true;
gnome-remote-desktop.enable = true;
gnome-user-share.enable = true;
rygel.enable = true;
sushi.enable = true;
tracker.enable = true;
tracker-miners.enable = true;
};
home-manager.users.steveej = homeEnv {
layout = "en";
@ -49,17 +45,16 @@ in
home-manager.users.elias = homeEnv {
layout = "de";
options = [];
options = [ ];
variant = "";
};
home-manager.users.justyna = homeEnv {
layout = "de";
options = [];
options = [ ];
variant = "";
};
services.teamviewer.enable = true;
system.stateVersion = "21.11";
}


@ -1,13 +1,8 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
in
{
in {
# TASK: new device
networking.hostName = "elias-e525"; # Define your hostname.
@ -22,10 +17,7 @@ in
services.printing = {
enable = true;
drivers = with pkgs; [
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -49,9 +41,8 @@ in
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];


@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;


@ -4,13 +4,10 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";


@ -2,29 +2,34 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}


@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}


@ -2,8 +2,7 @@
let
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -12,6 +11,5 @@ in
};
hardware.enableRedistributableFirmware = true;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}


@ -1,18 +1,18 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [
iw
wirelesstools
];
environment.systemPackages = with pkgs; [ iw wirelesstools ];
system.stateVersion = "21.11";
}


@ -1,7 +1,4 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
@ -31,16 +28,25 @@ in {
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.15"; prefixLength = 24; } ];
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.15";
prefixLength = 24;
}];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.15"; prefixLength = 12; } ];
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.15";
prefixLength = 12;
}];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.15"; prefixLength = 24; } ];
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.15";
prefixLength = 24;
}];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";


@ -1,11 +1,8 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { }) mkUser;
in {
}
in { }


@ -4,13 +4,10 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {


@ -2,30 +2,35 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}


@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}


@ -2,8 +2,7 @@
let
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -12,6 +11,5 @@ in
};
hardware.enableRedistributableFirmware = true;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}


@ -1,18 +1,18 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
environment.systemPackages = with pkgs; [
iw
wirelesstools
];
environment.systemPackages = with pkgs; [ iw wirelesstools ];
system.stateVersion = "21.11";
}


@ -1,8 +1,4 @@
{ pkgs
, lib
, config
, utils
, ... }:
{ pkgs, lib, config, utils, ... }:
let
keys = import ../../../variables/keys.nix;
@ -32,16 +28,25 @@ in {
# WAN interfaces, currently unused because the OPNsense guest acts as a router.
networking.vlans.wan1.id = 3;
networking.vlans.wan1.interface = "breth";
networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; } ];
networking.interfaces.wan1.ipv4.addresses = [{
address = "192.168.0.16";
prefixLength = 24;
}];
networking.vlans.wan2.id = 4;
networking.vlans.wan2.interface = "breth";
networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; } ];
networking.interfaces.wan2.ipv4.addresses = [{
address = "172.16.0.16";
prefixLength = 12;
}];
# Local interfaces, all accessed via VLAN tags on the main bridge
networking.vlans.lan.id = 1;
networking.vlans.lan.interface = "breth";
networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ];
networking.interfaces.lan.ipv4.addresses = [{
address = "172.172.171.16";
prefixLength = 24;
}];
networking.vlans.dmz.id = 5;
networking.vlans.dmz.interface = "breth";


@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;


@ -4,13 +4,10 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {


@ -2,30 +2,35 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.11";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}
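Review bot: The formatter has rewritten the `rev` templates in this file so that the `\n` inside `tr -d '\n'` is now a literal line break in a `''` string, which changes what the shell sees if, as the `<% … -%>` tags suggest, this file is rendered by a shell-based template step before Nix evaluates it. After the change `tr -d` receives a newline plus whatever indentation follows it, and the rendered `rev` only comes out as a bare hash because Nix strips the leading empty line and indentation of the indented string. That works for a hex hash but is fragile for the value that pins the nixpkgs and home-manager revisions, so I would exclude the template files from nixfmt and keep the one-line form, e.g. `rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";`. The same rewrite appears in the other version templates on this page (the nixos-22.05 and nixos-20.09 variants, and the fragment at the top of this chunk). It would also help to have the render step fail unless each `rev` is exactly one 40-character hex string, since only the `master` queries use `head -n1`.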


@ -1,6 +1,4 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiSupport = true;


@ -1,8 +1,7 @@
{ ... }:
{
disabledModules = [
];
disabledModules = [ ];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix


@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -20,8 +20,7 @@ let
"xhci_pci"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -31,6 +30,5 @@ in
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}


@ -1,22 +1,23 @@
{ config
, pkgs
, lib
, ...
}:
{ config, pkgs, lib, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
# services.hydra = {
# enable = false;


@ -1,9 +1,6 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
let
keys = import ../../../variables/keys.nix;
in {
@ -46,18 +43,12 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
docker.enable = true;
};
virtualisation = { docker.enable = true; };
nix.gc = {
automatic = true;
};
nix.gc = { automatic = true; };
networking.useHostResolvConf = false;
services.resolved = {
enable = true;
};
services.resolved = { enable = true; };
containers = {
mailserver = import ../../containers/mailserver.nix {
@ -87,12 +78,7 @@ in {
inherit config;
hostAddress = "192.168.100.16";
localAddress = "192.168.100.17";
subvolumes = [
"mailserver"
"webserver"
"backup"
"syncthing"
];
subvolumes = [ "mailserver" "webserver" "backup" "syncthing" ];
};
};


@ -4,9 +4,8 @@ let
ref = "nixos-22.05";
rev = "040c6d8374d090f46ab0e99f1f7c27a4529ecffd";
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = {


@ -2,21 +2,26 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
"channels-nixos-stable" = nixpkgs;
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}


@ -3,7 +3,7 @@
let
in {
services.udev.extraRules = ''SUBSYSTEM=="sgx", MODE="0660", GROUP="sgx"'';
users.groups.sgx = {};
users.groups.sgx = { };
networking.hostName = "steveej-nuc7pjyh-work"; # Define your hostname.
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_sgx_latest;
}


@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
@ -11,10 +9,19 @@ in {
users.extraUsers.sjunker = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
shell = pkgs.posh { image = "quay.io/enarx/fedora"; run_args = "-v /dev/sgx:/dev/sgx"; };
shell = pkgs.posh {
image = "quay.io/enarx/fedora";
run_args = "-v /dev/sgx:/dev/sgx";
};
extraGroups = [ "sgx" ];
subUidRanges = [{ startUid = 100000; count = 65536; }];
subGidRanges = [{ startGid = 100000; count = 65536; }];
subUidRanges = [{
startUid = 100000;
count = 65536;
}];
subGidRanges = [{
startGid = 100000;
count = 65536;
}];
};
}


@ -1,8 +1,6 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}


@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
@ -10,8 +10,7 @@ let
"hxci_hcd"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -21,6 +20,5 @@ in
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}


@ -1,12 +1,16 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}


@ -1,10 +1,6 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
# TASK: new device
@ -21,11 +17,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -34,9 +26,8 @@ in {
sudo.fprintAuth = true;
};
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.serverFlagsSection = ''


@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;


@ -4,13 +4,10 @@ let
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";


@ -2,29 +2,34 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}


@ -1,5 +1,6 @@
{ ... }:
{
networking.hostName = "steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
networking.hostName =
"steveej-rmvbl-mmc-SL32G_0x259093f6"; # Define your hostname.
}


@ -1,9 +1,12 @@
{ ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
imports = [
../../profiles/common/configuration.nix


@ -4,20 +4,17 @@ let
ref = "nixos-21.11";
rev = "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
# "channels-nixos-21.05" = {
# url = "https://github.com/NixOS/nixpkgs/";
# ref = "nixos-21.05";
# rev = "df123677560db3b0db7c19d71981b11091fbeaf6";
# };
# "channels-nixos-21.05" = {
# url = "https://github.com/NixOS/nixpkgs/";
# ref = "nixos-21.05";
# rev = "df123677560db3b0db7c19d71981b11091fbeaf6";
# };
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";


@ -1,10 +1,7 @@
{ lib
, pkgs
, ...
}:
{ lib, pkgs, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
}


@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm_amd"
"nvme"
@ -11,8 +11,7 @@ let
"e1000e"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;


@ -1,12 +1,16 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "20.09";
}


@ -1,16 +1,10 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
nix = {
binaryCaches = [
"https://holochain-ci.cachix.org"
"https://cache.holo.host/"
];
binaryCaches =
[ "https://holochain-ci.cachix.org" "https://cache.holo.host/" ];
binaryCachePublicKeys = [
"holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
@ -21,10 +15,11 @@ in {
# TASK: new device
networking.hostName = "steveej-t14"; # Define your hostname.
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [{
address = "10.254.254.254";
prefixLength = 24;
}];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
@ -40,11 +35,7 @@ in {
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -55,12 +46,10 @@ in {
# virtualization
virtualisation = {
libvirtd = {
enable = true;
};
libvirtd = { enable = true; };
virtualbox.host = {
enable = false ;
enable = false;
addNetworkInterface = false;
};
@ -74,14 +63,10 @@ in {
# client min protocol = NT1
'';
security.pki.certificateFiles =
[ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
services.xserver.videoDrivers = lib.mkForce [
"amdgpu"
];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"


@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;


@ -4,13 +4,10 @@ let
ref = "nixos-22.05";
rev = "6107f97012a0c134c5848125b5aa1b149b76d2c9";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";


@ -2,34 +2,41 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-22.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-unstable-small" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable-small";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable-small | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable-small | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-22.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-22.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}


@ -1,9 +1,7 @@
{ ... }:
{
disabledModules = [
"system/boot/initrd-network.nix"
];
disabledModules = [ "system/boot/initrd-network.nix" ];
imports = [
../../modules/initrd-network.nix


@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
@ -15,8 +15,7 @@ let
"hxci_hcd"
];
in
{
in {
# TASK: new device
hardware.encryptedDisk = {
enable = true;


@ -1,12 +1,16 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
services.teamviewer.enable = true;
system.stateVersion = "19.09";
}


@ -1,40 +1,32 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
let keys = import ../../../variables/keys.nix;
in {
# TASK: new device
networking.hostName = "steveej-t480s-work"; # Define your hostname.
# Used for testing local Openshift clusters
environment.etc."NetworkManager/dnsmasq.d/openshift.conf".text =
let
openshiftClusterName = "openshift-steveej";
openshiftDomain = "openshift.testing";
openshiftSubnetBase = "192.168.126";
in ''
server=/${openshiftDomain}/${openshiftSubnetBase}.1
address=/.apps.${openshiftClusterName}.${openshiftDomain}/${openshiftSubnetBase}.51
environment.etc."NetworkManager/dnsmasq.d/openshift.conf".text = let
openshiftClusterName = "openshift-steveej";
openshiftDomain = "openshift.testing";
openshiftSubnetBase = "192.168.126";
in ''
server=/${openshiftDomain}/${openshiftSubnetBase}.1
address=/.apps.${openshiftClusterName}.${openshiftDomain}/${openshiftSubnetBase}.51
'';
networking.firewall.enable = lib.mkForce false;
networking.firewall.checkReversePath = false;
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{ address = "10.254.254.254"; prefixLength = 24; }
];
networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [{
address = "10.254.254.254";
prefixLength = 24;
}];
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
drivers = with pkgs; [ hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper ];
};
services.fprintd.enable = true;
@ -48,12 +40,10 @@ in {
# virtualization
virtualisation = {
libvirtd = {
enable = true;
};
libvirtd = { enable = true; };
virtualbox.host = {
enable = false ;
enable = false;
addNetworkInterface = false;
};
@ -63,7 +53,6 @@ in {
};
};
boot.initrd.network = {
enable = true;
useDHCP = true;
@ -133,7 +122,7 @@ in {
auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
auth_to_local = DEFAULT
}
'';
'';
};
hardware.ledger.enable = true;


@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;


@ -4,13 +4,10 @@ let
ref = "nixos-20.09";
rev = "b94726217f7cdc02ddf277b65553762d520da196";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";


@ -2,29 +2,34 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}


@ -4,224 +4,227 @@
{ config, pkgs, ... }:
let
passwords = import ../common/passwords.crypt.nix;
in
{
let passwords = import ../common/passwords.crypt.nix;
in {
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "16.03";
nix.maxJobs = 4;
nix.buildCores = 4;
nix.maxJobs = 4;
nix.buildCores = 4;
nix.extraOptions = ''
nix.extraOptions = ''
gc-keep-outputs = true
gc-keep-derivations = true
'';
'';
nixpkgs.config = {
packageOverrides = super:
let self = super.pkgs;
in {
linux_4_1 = super.linux_4_1.override {
kernelPatches = super.linux_4_1.kernelPatches ++ [
{
patch = ./patches/utilitepro-kernel-dts.patch;
name = "utilitepro-dts";
}
{
patch = ./patches/utilitepro-kernel-dts-Makefile.patch;
name = "utilitepro-dts-Makefile";
}
];
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
MACVLAN m
VETH m
BRIDGE m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
nixpkgs.config = {
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
packageOverrides = super: let self = super.pkgs; in {
linux_4_1 = super.linux_4_1.override {
kernelPatches = super.linux_4_1.kernelPatches ++ [
{ patch = ./patches/utilitepro-kernel-dts.patch; name = "utilitepro-dts"; }
{ patch = ./patches/utilitepro-kernel-dts-Makefile.patch; name = "utilitepro-dts-Makefile"; }
];
# add "CONFIG_PPP_FILTER y" option to the set of kernel options
extraConfig = ''
BTRFS_FS y
BTRFS_FS_POSIX_ACL y
FUSE_FS y
OVERLAY_FS y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
BLK_DEV_DM y
DM_THIN_PROVISIONING y
NAMESPACES y
NET_NS y
PID_NS y
IPC_NS y
UTS_NS y
DEVPTS_MULTIPLE_INSTANCES y
CGROUPS y
CGROUP_CPUACCT y
CGROUP_DEVICE y
CGROUP_FREEZER y
CGROUP_SCHED y
CPUSETS y
MEMCG y
POSIX_MQUEUE y
MACVLAN m
VETH m
BRIDGE m
NF_TABLES m
NETFILTER y
NETFILTER_ADVANCED y
NF_NAT_IPV4 m
IP_NF_FILTER m
IP_NF_TARGET_MASQUERADE m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_CONNTRACK m
NF_NAT m
NF_NAT_NEEDED m
BRIDGE_NETFILTER m
NETFILTER_INGRESS y
NETFILTER_NETLINK m
NETFILTER_NETLINK_ACCT m
NETFILTER_NETLINK_QUEUE m
NETFILTER_NETLINK_LOG m
NETFILTER_SYNPROXY m
NETFILTER_XTABLES m
NETFILTER_XT_MARK m
NETFILTER_XT_CONNMARK m
NETFILTER_XT_SET m
NETFILTER_XT_TARGET_AUDIT m
NETFILTER_XT_TARGET_CHECKSUM m
NETFILTER_XT_TARGET_CLASSIFY m
NETFILTER_XT_TARGET_CONNMARK m
NETFILTER_XT_TARGET_CONNSECMARK m
NETFILTER_XT_TARGET_CT m
NETFILTER_XT_TARGET_DSCP m
NETFILTER_XT_TARGET_HL m
NETFILTER_XT_TARGET_HMARK m
NETFILTER_XT_TARGET_IDLETIMER m
NETFILTER_XT_TARGET_LED m
NETFILTER_XT_TARGET_LOG m
NETFILTER_XT_TARGET_MARK m
NETFILTER_XT_NAT m
NETFILTER_XT_TARGET_NETMAP m
NETFILTER_XT_TARGET_NFLOG m
NETFILTER_XT_TARGET_NFQUEUE m
NETFILTER_XT_TARGET_NOTRACK m
NETFILTER_XT_TARGET_RATEEST m
NETFILTER_XT_TARGET_REDIRECT m
NETFILTER_XT_TARGET_TEE m
NETFILTER_XT_TARGET_TPROXY m
NETFILTER_XT_TARGET_TRACE m
NETFILTER_XT_TARGET_SECMARK m
NETFILTER_XT_TARGET_TCPMSS m
NETFILTER_XT_TARGET_TCPOPTSTRIP m
NETFILTER_XT_MATCH_ADDRTYPE m
NETFILTER_XT_MATCH_BPF m
NETFILTER_XT_MATCH_CGROUP m
NETFILTER_XT_MATCH_CLUSTER m
NETFILTER_XT_MATCH_COMMENT m
NETFILTER_XT_MATCH_CONNBYTES m
NETFILTER_XT_MATCH_CONNLABEL m
NETFILTER_XT_MATCH_CONNLIMIT m
NETFILTER_XT_MATCH_CONNMARK m
NETFILTER_XT_MATCH_CONNTRACK m
NETFILTER_XT_MATCH_CPU m
NETFILTER_XT_MATCH_DCCP m
NETFILTER_XT_MATCH_DEVGROUP m
NETFILTER_XT_MATCH_DSCP m
NETFILTER_XT_MATCH_ECN m
NETFILTER_XT_MATCH_ESP m
NETFILTER_XT_MATCH_HASHLIMIT m
NETFILTER_XT_MATCH_HELPER m
NETFILTER_XT_MATCH_HL m
NETFILTER_XT_MATCH_IPCOMP m
NETFILTER_XT_MATCH_IPRANGE m
NETFILTER_XT_MATCH_IPVS m
NETFILTER_XT_MATCH_L2TP m
NETFILTER_XT_MATCH_LENGTH m
NETFILTER_XT_MATCH_LIMIT m
NETFILTER_XT_MATCH_MAC m
NETFILTER_XT_MATCH_MARK m
NETFILTER_XT_MATCH_MULTIPORT m
NETFILTER_XT_MATCH_NFACCT m
NETFILTER_XT_MATCH_OSF m
NETFILTER_XT_MATCH_OWNER m
NETFILTER_XT_MATCH_POLICY m
NETFILTER_XT_MATCH_PHYSDEV m
NETFILTER_XT_MATCH_PKTTYPE m
NETFILTER_XT_MATCH_QUOTA m
NETFILTER_XT_MATCH_RATEEST m
NETFILTER_XT_MATCH_REALM m
NETFILTER_XT_MATCH_RECENT m
NETFILTER_XT_MATCH_SCTP m
NETFILTER_XT_MATCH_SOCKET m
NETFILTER_XT_MATCH_STATE m
NETFILTER_XT_MATCH_STATISTIC m
NETFILTER_XT_MATCH_STRING m
NETFILTER_XT_MATCH_TCPMSS m
NETFILTER_XT_MATCH_TIME m
NETFILTER_XT_MATCH_U32 m
MEMCG_KMEM y
MEMCG_SWAP y
MEMCG_SWAP_ENABLED y
BLK_CGROUP y
IOSCHED_CFQ y
BLK_DEV_THROTTLING y
CGROUP_PERF y
CGROUP_HUGETLB y
NET_CLS_CGROUP y
CGROUP_NET_PRIO y
CFS_BANDWIDTH y
FAIR_GROUP_SCHED y
RT_GROUP_SCHED y
EXT3_FS y
EXT3_FS_XATTR y
EXT3_FS_POSIX_ACL y
EXT3_FS_SECURITY y
PPP_FILTER y
HAVE_IMX_ANATOP y
HAVE_IMX_GPC y
HAVE_IMX_MMDC y
HAVE_IMX_SRC y
SOC_IMX6 y
SOC_IMX6Q y
SOC_IMX6SL y
PCI_IMX6 y
ARM_IMX6Q_CPUFREQ y
IMX_WEIM y
AHCI_IMX y
SERIAL_IMX y
SERIAL_IMX_CONSOLE y
I2C_IMX y
SPI_IMX y
PINCTRL_IMX y
PINCTRL_IMX6Q y
PINCTRL_IMX6SL y
POWER_RESET_IMX y
IMX_THERMAL y
IMX2_WDT y
IMX_IPUV3_CORE y
DRM_IMX y
DRM_IMX_FB_HELPER y
DRM_IMX_PARALLEL_DISPLAY y
DRM_IMX_TVE y
DRM_IMX_LDB y
DRM_IMX_IPUV3 y
DRM_IMX_HDMI y
MMC_SDHCI_ESDHC_IMX y
IMX_SDMA y
PWM_IMX y
DEBUG_IMX6Q_UART y
'';
'';
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
};
# pkgs.linux_4_2 = "/nix/store/jc1h6mcc6sq420q2i572qba4b0xzw4gm-linux-4.3-armv7l-unknown-linux-gnueabi";
};
allowUnfree = true;
};
allowUnfree = true;
};
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hostName = "steveej-utilitepro"; # Define your hostname.
#networking.wireless.enable = true; # Enables wireless support viawpa_supplicant.
#networking.wireless.enable = true; # Enables wireless support viawpa_supplicant.
boot.kernelPackages = pkgs.linuxPackages_4_1;
boot.kernelPackages = pkgs.linuxPackages_4_1;
boot.extraKernelParams = [
"cm_fx6_v4l_msize=128M"
"vmalloc=256M"
@ -263,7 +266,9 @@ in
users.mutableUsers = false;
users.extraUsers.root = {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"
];
};
users.extraUsers.steveej = {
uid = 1000;
@ -271,9 +276,11 @@ in
home = "/home/steveej";
extraGroups = [ "wheel" "libvirtd" ];
hashedPassword = passwords.users.steveej;
openssh.authorizedKeys.keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"];
};
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3niN5KcIYikRhXTYZCSehI1ZQs+vvG/dZ7KxNVHslfsS+p1yTycXcZFtDDn5vtG2fAo3yksxCk+G10/AWQ+NMOcFKuAi5qTOYSLbEcHVlZ4ko8sDUe3fF79vrCqY7IWbKKjZ4DH77Qs6SXk5GIlNaIzxut8Dpv8qHnkPiPuFgrJC4oGk60ZKmCPvOEpgg9twcdI6ykIxD4Fg+hHgG1p07uSEcm9EADli8RsU3UJ1UBhXMohMC6HrKVBkBX9wTo+zY+xqXxxem6xGNnkNiZLACfhCnjXv39zh85pgFuNv7R8SzVZQ9iRoCmax/w3JtWdDjqoTGgLfJyhMMjNdjVHOx steveej@steveej-laptop"
];
};
networking.firewall.enable = false;
networking.useNetworkd = true;
networking.useNetworkd = true;
}


@ -4,9 +4,7 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ ];
boot.kernelModules = [ ];
@ -14,14 +12,14 @@
hardware.enableAllFirmware = true;
fileSystems."/" =
{ device = "/dev/disk/by-uuid/09d1e4a2-d57b-4de8-a42b-671c4c188367";
fsType = "btrfs";
options = "subvol=nixos";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/09d1e4a2-d57b-4de8-a42b-671c4c188367";
fsType = "btrfs";
options = "subvol=nixos";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/f1e7e913-93a0-4258-88f9-f65041d91d66";
};
swapDevices = [ ];
}


@ -1,6 +1,4 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiSupport = lib.mkForce false;


@ -1,8 +1,7 @@
{ ... }:
{
disabledModules = [
];
disabledModules = [ ];
imports = [
../../profiles/common/configuration.nix
../../modules/opinionatedDisk.nix


@ -1,7 +1,7 @@
{ ... }:
let
stage1Modules = [
stage1Modules = [
"aesni_intel"
"kvm-intel"
@ -14,8 +14,7 @@ let
"scsi_mod"
];
in
{
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -25,6 +24,5 @@ in
boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = ''
'';
boot.extraModprobeConfig = "";
}


@ -1,29 +1,31 @@
{ config
, pkgs
, lib
, ...
}:
{ config, pkgs, lib, ... }:
{
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
nixpkgs.config.packageOverrides = pkgs:
with pkgs; {
nixPath = (import ../../../default.nix {
versionsPath = ./versions.nix;
}).nixPath;
};
home-manager.users.steveej =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nix.buildMachines = [
{ hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 4;
}
];
nix.buildMachines = [{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}];
services.hydra = {
enable = false;
hydraURL = "http://localhost:3000"; # externally visible URL
notificationSender = "hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
notificationSender =
"hydra@${config.networking.hostName}.stefanjunker.de"; # e-mail of hydra service
# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [];
buildMachinesFiles = [ ];
# you will probably also want, otherwise *everything* will be built from scratch
useSubstitutes = true;
};
@ -31,13 +33,7 @@
services.gitlab-runner = {
enable = true;
extraPackages = with pkgs; [
bash
gitlab-runner
nix
gitFull
git-crypt
];
extraPackages = with pkgs; [ bash gitlab-runner nix gitFull git-crypt ];
concurrent = 2;
checkInterval = 0;
@ -45,7 +41,8 @@
nixRunner = {
executor = "shell";
runUntagged = true;
registrationConfigFile = "/etc/secrets/gitlab-runner/nix-runner.registration";
registrationConfigFile =
"/etc/secrets/gitlab-runner/nix-runner.registration";
tagList = [ "nix" ];
};
};
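Review bot: `executor = "shell"` together with `runUntagged = true` in `nixRunner` means every job this runner is offered executes directly on the host as the runner's user, with `nix`, `gitFull` and `git-crypt` on its path and no container boundary. Unless the runner is registered only to projects whose pipelines are fully trusted, I would set `runUntagged = false;` so that only jobs tagged `nix` are picked up, and add a comment stating the trust assumption. The `services.gitlab-runner` block spans two hunks and is not fully visible here.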


@ -1,7 +1,4 @@
{ pkgs
, lib
, config
, ... }:
{ pkgs, lib, config, ... }:
let
keys = import ../../../variables/keys.nix;
@ -10,7 +7,7 @@ let
in {
# TASK: new device
networking.hostName = "vmd32387"; # Define your hostname.
networking.domain = "contaboserver.net";
networking.domain = "contaboserver.net";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
@ -27,9 +24,10 @@ in {
networking.interfaces.eth0 = {
useDHCP = true;
ipv6.addresses = [
{ address = "2a02:c207:3003:2387::1"; prefixLength = 64; }
];
ipv6.addresses = [{
address = "2a02:c207:3003:2387::1";
prefixLength = 64;
}];
};
networking.defaultGateway6 = {
address = "fe80::1";
@ -46,9 +44,7 @@ in {
# services.kubernetes.roles = ["master" "node"];
# virtualization
virtualisation = {
docker.enable = true;
};
virtualisation = { docker.enable = true; };
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
@ -62,25 +58,21 @@ in {
'';
};
systemd.services.sshd.serviceConfig = {
TasksMax = 32;
};
systemd.services.sshd.serviceConfig = { TasksMax = 32; };
systemd.timers."sshd-status" = {
description = "Timer to trigger sshd-status periodically";
enable = true;
wantedBy = [ "timer.target" "multi-user.target" ];
timerConfig = {
OnActiveSec="5s";
OnUnitActiveSec="5s";
AccuracySec="1s";
OnActiveSec = "5s";
OnUnitActiveSec = "5s";
AccuracySec = "1s";
Unit = "sshd-status.service";
};
};
nix.gc = {
automatic = true;
};
nix.gc = { automatic = true; };
boot.initrd.network = {
enable = true;
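Review bot: `wantedBy = [ "timer.target" "multi-user.target" ]` on `systemd.timers."sshd-status"` names `timer.target`, but the systemd target that collects timer units is `timers.target`. The first entry therefore presumably has no effect and the timer is only pulled in through `multi-user.target`. I would change the line to `wantedBy = [ "timers.target" ];`. This predates the reformat, which leaves the line untouched.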


@ -4,13 +4,10 @@ let
ref = "nixos-21.11";
rev = "e34c5379866833f41e2a36f309912fa675d687c7";
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = {
url = "https://github.com/NixOS/nixpkgs/";


@ -2,49 +2,62 @@ let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.11";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
in {
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
nixos = nixpkgs // { suffix = "/nixos"; };
"channels-nixos-stable" = nixpkgs;
"channels-nixos-21.05" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-21.05";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-20.09" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-20.03" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.03";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-19.09" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-19.09";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-21.05";
rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '\n' -%>";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-21.05 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}
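Review bot: Running nixfmt over this file changed the embedded `<% … %>` commands, which look like template directives run by a preprocessor rather than Nix. Every `tr -d '\n'` became a quoted literal line break plus the continuation line's indentation, so `tr` now also deletes spaces, and each generated `rev` becomes an indented string instead of a one-line string. The output is probably still a bare hash, but only because Nix strips the leading line break and indentation; I would restore the one-line form `rev = "<% … | tr -d '\n' -%>";` and exclude this template from the formatter. Separately, the `channels-nixos-21.05` entry queries `nixos-20.05` while declaring `ref = "nixos-21.05"`, so its pinned `rev` would not belong to the declared branch.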


@ -1,31 +1,32 @@
{ keys ? import ../../variables/keys.nix
, passwords ? import ../../variables/passwords.crypt.nix
}:
{ keys ? import ../../variables/keys.nix
, passwords ? import ../../variables/passwords.crypt.nix }:
{
mkRoot = { } @ args: {
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
} // args;
mkRoot = { }@args:
{
hashedPassword = passwords.users.root;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
} // args;
mkUser = {uid, hashedPassword ? passwords.users.steveej, ... } @ args: {
inherit uid hashedPassword;
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
"adbusers"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
} // args;
mkUser = { uid, hashedPassword ? passwords.users.steveej, ... }@args:
{
inherit uid hashedPassword;
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
"adbusers"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
} // args;
disk = rec {
# TODO: verify the GPT PARTLABEL cap at 36 chars
@ -44,14 +45,16 @@
# Cannot use the disk ID here because might be different at install vs. runtime.
# Example: MMC card which is used in the internal reader vs. USB reader
bootFsDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("2-"+diskId));
bootLuksDevice = diskId: "/dev/disk/by-partlabel/" + (shortenGptPartlabel ("3-"+diskId));
luksName = diskId: (volumeGroup diskId)+"pv";
bootFsDevice = diskId:
"/dev/disk/by-partlabel/" + (shortenGptPartlabel ("2-" + diskId));
bootLuksDevice = diskId:
"/dev/disk/by-partlabel/" + (shortenGptPartlabel ("3-" + diskId));
luksName = diskId: (volumeGroup diskId) + "pv";
luksPhysicalVolume = diskId: "/dev/mapper/" + (luksName diskId);
lvmPv = diskId: encrypted:
if encrypted == true
then luksPhysicalVolume diskId
else bootLuksDevice diskId
;
if encrypted == true then
luksPhysicalVolume diskId
else
bootLuksDevice diskId;
};
}


@ -1,6 +1,4 @@
{ lib
, config
, ... }:
{ lib, config, ... }:
let
cfg = config.services.ddclientovh;
@ -11,21 +9,20 @@ in {
options.services.ddclientovh = with lib; {
enable = mkEnableOption "Enable ddclient-ovh";
domain = mkOption {
type = types.str;
};
domain = mkOption { type = types.str; };
};
config = lib.mkIf cfg.enable {
services.ddclient = {
enable = true;
protocol = "dyndns2";
server = "www.ovh.com";
ssl = true;
domains = [ cfg.domain ];
use = "web";
inherit (passwords.dyndns.${cfg.domain}) username;
passwordFile = builtins.toFile passwords.dyndns._filename passwords.dyndns.${cfg.domain}.password;
services.ddclient = {
enable = true;
protocol = "dyndns2";
server = "www.ovh.com";
ssl = true;
domains = [ cfg.domain ];
use = "web";
inherit (passwords.dyndns.${cfg.domain}) username;
passwordFile = builtins.toFile passwords.dyndns._filename
passwords.dyndns.${cfg.domain}.password;
};
};
}
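Review bot: `passwordFile = builtins.toFile passwords.dyndns._filename passwords.dyndns.${cfg.domain}.password;` writes the dyndns password into the Nix store, where it is readable by every local user and travels with the system closure when it is copied. The reformat only rewraps this line, but it is the one I would change: point `passwordFile` at a file provisioned outside the store, for example `passwordFile = "/etc/secrets/ddclient/<DOMAIN>.password";` (placeholder path), the way the gitlab-runner registration file in this same commit lives under `/etc/secrets`. Encrypting `passwords.crypt.nix` in the repository does not help here, because the value is decrypted before evaluation.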


@ -6,29 +6,26 @@ let
cfg = config.boot.initrd.network;
udhcpcScript = pkgs.writeScript "udhcp-script"
''
#! /bin/sh
if [ "$1" = bound ]; then
ip address add "$ip/$mask" dev "$interface"
if [ -n "$router" ]; then
ip route add "$router" dev "$interface" # just in case if "$router" is not within "$ip/$mask" (e.g. Hetzner Cloud)
ip route add default via "$router" dev "$interface"
fi
if [ -n "$dns" ]; then
rm -f /etc/resolv.conf
for i in $dns; do
echo "nameserver $dns" >> /etc/resolv.conf
done
fi
udhcpcScript = pkgs.writeScript "udhcp-script" ''
#! /bin/sh
if [ "$1" = bound ]; then
ip address add "$ip/$mask" dev "$interface"
if [ -n "$router" ]; then
ip route add "$router" dev "$interface" # just in case if "$router" is not within "$ip/$mask" (e.g. Hetzner Cloud)
ip route add default via "$router" dev "$interface"
fi
'';
if [ -n "$dns" ]; then
rm -f /etc/resolv.conf
for i in $dns; do
echo "nameserver $dns" >> /etc/resolv.conf
done
fi
fi
'';
udhcpcArgs = toString cfg.udhcpc.extraArgs;
in
{
in {
options = {
@ -51,7 +48,7 @@ in
};
boot.initrd.network.udhcpc.extraArgs = mkOption {
default = [];
default = [ ];
type = types.listOf types.str;
description = ''
Additional command-line arguments passed verbatim to udhcpc if
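Review bot: In `udhcpcScript`, the loop `for i in $dns; do echo "nameserver $dns" >> /etc/resolv.conf` writes the whole `$dns` list on each iteration instead of the loop variable. With more than one DNS server offered, every line carries several addresses and the lines are duplicated, which resolvers will not parse as intended. The body should be `echo "nameserver $i" >> /etc/resolv.conf`. This predates the reformat, which only re-indents the script.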


@ -1,7 +1,5 @@
{ lib
, config
, ... }:
with lib;
{ lib, config, ... }:
with lib;
{
# TODO


@ -1,7 +1,5 @@
{ lib
, config
, ... }:
with lib;
{ lib, config, ... }:
with lib;
let
cfg = config.hardware.opinionatedDisk;
@ -9,9 +7,7 @@ let
in {
options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout";
diskId = mkOption {
type = types.str;
};
diskId = mkOption { type = types.str; };
encrypted = mkOption {
default = true;
type = types.bool;
@ -36,27 +32,25 @@ in {
options = [ "subvol=home" ];
};
swapDevices = [ { device = (ownLib.disk.swapFsDevice cfg.diskId); } ];
swapDevices = [{ device = (ownLib.disk.swapFsDevice cfg.diskId); }];
boot.loader.grub = {
device = (ownLib.disk.bootGrubDevice cfg.diskId);
enableCryptodisk = cfg.encrypted;
};
boot.initrd.luks.devices = lib.optionalAttrs cfg.encrypted (builtins.listToAttrs [
{
name =
let
splitstring = builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
lastelem = (builtins.length splitstring)-1;
in
builtins.elemAt splitstring lastelem;
boot.initrd.luks.devices = lib.optionalAttrs cfg.encrypted
(builtins.listToAttrs [{
name = let
splitstring =
builtins.split "/" (ownLib.disk.bootLuksDevice cfg.diskId);
lastelem = (builtins.length splitstring) - 1;
in builtins.elemAt splitstring lastelem;
value = {
device = (ownLib.disk.bootLuksDevice cfg.diskId);
preLVM = true;
allowDiscards = true;
};
}
]);
}]);
};
}
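Review bot: `allowDiscards = true;` in `boot.initrd.luks.devices` is set without a comment, although passing TRIM through dm-crypt reveals which blocks of the encrypted volume are unused and is a deliberate trade-off rather than a neutral default. I would document it next to the option, e.g. `# TRIM passthrough: exposes which blocks are unused on the encrypted device; accepted for SSD performance` (adjust the rationale to the real one). The module body starts outside the visible hunks.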


@ -1,6 +1,4 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
boot.kernelPackages = pkgs.linuxPackages;
@ -16,9 +14,6 @@
boot.tmpOnTmpfs = true;
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [
"nf_conntrack_proto_gre"
"nf_conntrack_pptp"
];
boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ];
}


@ -3,11 +3,5 @@
{
nixpkgs.overlays = builtins.attrValues (import ../../../overlays);
imports = [
./boot.nix
./pkg.nix
./user.nix
./system.nix
./hw.nix
];
imports = [ ./boot.nix ./pkg.nix ./user.nix ./system.nix ./hw.nix ];
}


@ -3,12 +3,6 @@
{
hardware.trackpoint.emulateWheel = true;
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
"cryptd"
];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" "cryptd" ];
}


@ -1,19 +1,17 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
{
imports = [
"${<home-manager-module>}/nixos"
];
home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
imports = [ "${<home-manager-module>}/nixos" ];
home-manager.users.root =
import ../../../home-manager/configuration/text-minimal.nix {
inherit pkgs;
};
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
packageOverrides = pkgs: with pkgs; {
};
packageOverrides = pkgs: with pkgs; { };
};
environment.systemPackages = with pkgs; [


@ -1,8 +1,4 @@
{ config
, pkgs
, lib
, ...
}:
{ config, pkgs, lib, ... }:
{
nix.binaryCachePublicKeys = [
@ -30,20 +26,14 @@
}
'';
environment.variables = {
NIX_PATH = lib.mkForce pkgs.nixPath;
};
environment.variables = { NIX_PATH = lib.mkForce pkgs.nixPath; };
# Fonts, I18N, Date ...
fonts.fonts = [
pkgs.corefonts
];
fonts.fonts = [ pkgs.corefonts ];
console.font = "lat9w-16";
i18n = {
defaultLocale = "en_US.UTF-8";
};
i18n = { defaultLocale = "en_US.UTF-8"; };
time.timeZone = "Europe/Berlin";
services.gpm.enable = true;


@ -1,6 +1,4 @@
{ config
, pkgs
, ... }:
{ config, pkgs, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
@ -9,9 +7,7 @@ in {
users.mutableUsers = false;
users.extraUsers.root = mkRoot { };
users.extraUsers.steveej = mkUser {
uid = 1000;
};
users.extraUsers.steveej = mkUser { uid = 1000; };
security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true;


@ -4,11 +4,7 @@
nixpkgs.overlays = builtins.attrValues (import ../../../overlays);
networking.useHostResolvConf = false;
services.resolved = {
enable = true;
};
services.resolved = { enable = true; };
imports = [
../../modules/ddclient-ovh.nix
];
imports = [ ../../modules/ddclient-ovh.nix ];
}


@ -1,7 +1,3 @@
{ lib, ... }:
{ lib
, ...
}:
{
}
{ }


@ -1,11 +1,5 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
imports = [
./boot.nix
./system.nix
./hw.nix
];
imports = [ ./boot.nix ./system.nix ./hw.nix ];
}


@ -1,6 +1,4 @@
{
...
}:
{ ... }:
{
hardware.enableAllFirmware = true;


@ -1,6 +1,4 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
networking.networkmanager = {
@ -30,9 +28,7 @@
};
};
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [
blueman
];
services.dbus.packages = with pkgs; [ blueman ];
services.blueman.enable = true;
services.xserver = {
@ -40,7 +36,16 @@
libinput.enable = true;
libinput.touchpad.naturalScrolling = true;
videoDrivers = [ "qxl" "modesetting" "ati" "cirrus" "intel" "vesa" "vmware" "modesetting" ];
videoDrivers = [
"qxl"
"modesetting"
"ati"
"cirrus"
"intel"
"vesa"
"vmware"
"modesetting"
];
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "nodeadkeys";
@ -63,11 +68,11 @@
lightdm = {
enable = true;
background = "${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
background =
"${pkgs.nixos-artwork.wallpapers.simple-blue}/share/artwork/gnome/nix-wallpaper-simple-blue.png";
};
sessionCommands = ''
'';
sessionCommands = "";
};
};
@ -97,11 +102,8 @@
};
# More Services
services.udev.packages = [
pkgs.libu2f-host
pkgs.yubikey-personalization
pkgs.android-udev-rules
];
services.udev.packages =
[ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ];
services.udev.extraRules = ''
# OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
@ -116,7 +118,6 @@
SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SECURITY_TOKEN}="1", GROUP="wheel"
'';
services.samba.enable = true;
services.samba.extraConfig = ''
client max protocol = SMB3


@ -1,52 +1,63 @@
# This module defines a small NixOS installation CD. It does not
# contain any graphical stuff.
{config, pkgs, lib, ...}:
{ config, pkgs, lib, ... }:
let nixos-init-script = ''
#!${pkgs.stdenv.shell}
let
nixos-init-script = ''
#!${pkgs.stdenv.shell}
export HOME=/root
export PATH=${pkgs.lib.makeBinPath [
config.nix.package pkgs.systemd pkgs.gnugrep pkgs.gnused config.system.build.nixos-rebuild
config.system.build.nixos-install pkgs.utillinux pkgs.e2fsprogs pkgs.coreutils pkgs.hdparm
]}:$PATH
export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
export HOME=/root
export PATH=${
pkgs.lib.makeBinPath [
config.nix.package
pkgs.systemd
pkgs.gnugrep
pkgs.gnused
config.system.build.nixos-rebuild
config.system.build.nixos-install
pkgs.utillinux
pkgs.e2fsprogs
pkgs.coreutils
pkgs.hdparm
]
}:$PATH
export NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
set -xe
set -xe
fdisk -w always -W always /dev/vda <<EOF
g
n
1
fdisk -w always -W always /dev/vda <<EOF
g
n
1
+8M
n
2
+8M
n
2
+1G
n
3
+1G
n
3
t
1
4
w
EOF
lsblk
t
1
4
w
EOF
lsblk
mkfs.ext4 -m0 -L nixos /dev/vda3
mount -L nixos /mnt
mkswap -L swap /dev/vda2
swapon -L swap
mkfs.ext4 -m0 -L nixos /dev/vda3
mount -L nixos /mnt
mkswap -L swap /dev/vda2
swapon -L swap
mkdir /mnt/etc/nixos -p
cp /dev/vdb /mnt/etc/nixos/configuration.nix
mkdir /mnt/etc/nixos -p
cp /dev/vdb /mnt/etc/nixos/configuration.nix
nix-channel --update
nixos-install
reboot
'';
nix-channel --update
nixos-install
reboot
'';
in {
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix>
@ -56,15 +67,17 @@ in {
# <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
];
isoImage.isoName = lib.mkForce "${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
isoImage.isoName = lib.mkForce
"${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
boot.loader.timeout = lib.mkForce 0;
boot.postBootCommands = ''
'';
boot.postBootCommands = "";
environment.systemPackages = [];
environment.systemPackages = [ ];
users.users.root = {
openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382" ];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4RFtHz0sE5y0AyZZm/tH7bBBgsx55gLPt5tGsl9yZlOzih6n4qbJE/9OOdwnOY2AHRe2lrlTekbW5ewWSBBCbiBE3Vux86sLgy7LM9zoKaNC+E3hmxaoS9SExn0BTkb3kNlOcj2k6UyJhkZWEsqVMV5C21R8EWmMlLY/qm3AxptNjOyzKDwNX2zlHZ5IyjgzO4ZjIxjawmJlUrVEn7/m+M7qK3I1Tyg/ZvDSfmxVJS97sVzseYE0rVwLEWJQOnHh0wnfl27smr2McAB7Cy6sxKyPKvEGyXbNqqb8fqk4okZlRRxhq/XkKlC7IZr+uqYxlL4HN8vjkTRNlgenDUSVT cardno:000604870382"
];
};
services.gpm.enable = true;
@ -74,13 +87,14 @@ in {
script = nixos-init-script;
path = with pkgs; [ ];
description = "Initialize /dev/vda from configuration.nix found at /dev/vdb";
description =
"Initialize /dev/vda from configuration.nix found at /dev/vdb";
enable = true;
wantedBy = [ "multi-user.target" ];
after = [ "multi-user.target" ];
requires = [ "network-online.target" ];
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
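Review bot: `nixos-init-script` repartitions and formats `/dev/vda` and installs whatever `/dev/vdb` contains as `configuration.nix`, and the unit running it has `enable = true` with `wantedBy = [ "multi-user.target" ]`, so it runs on every boot of this image with no guard and no integrity check on the configuration it installs. Neither the script nor the unit says so, and the file's header comment describes only a small installation CD. I would add a header comment such as `# DESTRUCTIVE: wipes /dev/vda and installs the unverified config read from /dev/vdb; boot only in throwaway VMs`. The unit definition continues outside the last hunk.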


@ -47,10 +47,10 @@
'';
environment.etc."cni/net.d/00-loopback.conf".text = ''
{
"cniVersion": "0.3.0",
"type": "loopback"
}
{
"cniVersion": "0.3.0",
"type": "loopback"
}
'';
environment.etc."cni/net.d/87-podman-bridge.conflist".text = ''
@ -176,5 +176,5 @@
runc = [
"${pkgs.runc}/bin/runc"
]
'';
'';
}


@ -1,9 +1,7 @@
{ lib
, ...
}:
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.extraModulePackages = [ ];
}


@ -1,7 +1,7 @@
{ ... }:
{
imports = [
imports = [
../../modules/opinionatedDisk.nix
./pkg.nix


@ -1,7 +1,8 @@
{ pkgs
, ...
}:
{ pkgs, ... }:
{
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-removable.nix { inherit pkgs; };
home-manager.users.steveej =
import ../../../home-manager/configuration/graphical-removable.nix {
inherit pkgs;
};
}


@ -1,12 +1,9 @@
{ config, lib, pkgs, ... }:
let
in {
services.printing = {
enable = false;
};
services.printing = { enable = false; };
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;